Impact
Crypt::OpenSSL::PKCS12 versions prior to 1.96 contain a flaw in the print_attribute() routine. The routine copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length using strncpy, producing a buffer without a terminating NUL character. Later code calls strlen() on this buffer and passes the inflated length to newSVpvn(), which then copies adjacent heap bytes that were not part of the intended attribute into a Perl scalar. This out‑of‑bounds read can expose arbitrary data that resides next to the buffer in memory, such as sensitive credentials or cryptographic material, and is classified as CWE‑125.
Affected Systems
Crypt::OpenSSL::PKCS12 modules from JONASBN that are older than version 1.96 for Perl are affected. Every build of the module before 1.96 contains the vulnerable print_attribute implementation and is therefore susceptible to the heap OOB read.
Risk and Exploitability
Exploitation requires an attacker to supply a crafted PKCS12 file that triggers print_attribute(). The vector exists in any application that parses PKCS12 inputs without validation using the vulnerable module. No publicly disclosed exploits are known, the EPSS score is unavailable, and the issue is not listed in CISA KEV. The CVSS score of 9.1 indicates a severe risk of information disclosure via heap out‑of‑bounds read. The likely attack path is via an application’s handling of malicious PKCS12 data.
OpenCVE Enrichment